Closed
Bug 1425826
Opened 8 years ago
Closed 8 years ago
[Static Analysis] Dereference of null return value in BinASTParser::parseBlockStatementAux
Categories
(Core :: JavaScript Engine, enhancement, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla59
| Tracking | Status | |
|---|---|---|
| firefox59 | --- | fixed |
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1426305)
Attachments
(1 file)
A possible null pointer dereference can occur in the following context:
>> // In case of absent optional fields, inject default values.
>> if (!body)
>> body = factory_.newStatementList(tokenizer_->pos());
>>
>> MOZ_TRY_VAR(body, appendDirectivesToBody(body, directives));
I think we can avoid this by packing | newStatementList | call with TRY_DECL.
| Comment hidden (mozreview-request) |
|
||
Comment 2•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8937418 [details]
Bug 1425826 - prevent null pointer dereference in BinASTParser::parseBlockStatementAux.
https://reviewboard.mozilla.org/r/208092/#review214458
r=me with the one comment addressed.
::: js/src/frontend/BinSource.cpp:338
(Diff revision 1)
> }
> }
>
> // In case of absent optional fields, inject default values.
> if (!body)
> - body = factory_.newStatementList(tokenizer_->pos());
> + TRY_DECL(body, factory_.newStatementList(tokenizer_->pos()));
This seems like it would be a syntax error. Does it compile?
I think it needs to be `TRY_VAR` instead of `TRY_DECL`.
Attachment #8937418 -
Flags: review?(jorendorff) → review+
|
|
||
Updated•8 years ago
|
Priority: -- → P1
| Comment hidden (mozreview-request) |
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d07f50ba637
prevent null pointer dereference in BinASTParser::parseBlockStatementAux. r=jorendorff
|
||
Comment 5•8 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in
before you can comment on or make changes to this bug.
Description
•